Fluid Attacks Database

Description

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	389-ds-base	=1.4.4.11-2 \|\| =1.4.4.11-2+deb11u1 \|\| =1.4.4.16-1 \|\| =1.4.4.17-1 \|\| =2.0.11-1 \|\| =2.0.11-2 \|\| =2.0.14-1 \|\| =2.0.15-1 \|\| =2.0.15-1.1 \|\| =2.3.1+dfsg1-1 \|\| =2.3.1-1 \|\| =2.3.4+dfsg1-1 \|\| =2.3.4+dfsg1-1.1 \|\| =2.4.4+dfsg1-1 \|\| =2.4.4+dfsg1-3 \|\| =2.4.5+dfsg1-1 \|\| =3.0.2+dfsg1-1 \|\| =3.1.1+dfsg1-1 \|\| =3.1.1+dfsg1-2 \|\| =3.1.1+dfsg1-3 \|\| =3.1.2+dfsg1-1 \|\| =3.1.2+vendor1-1 \|\| =3.1.2+vendor1-2	-
debian 12	389-ds-base	=2.3.1+dfsg1-1 \|\| =2.3.1+dfsg1-1+deb12u1 \|\| =2.3.4+dfsg1-1 \|\| =2.3.4+dfsg1-1.1 \|\| =2.4.4+dfsg1-1 \|\| =2.4.4+dfsg1-3 \|\| =2.4.5+dfsg1-1 \|\| =3.0.2+dfsg1-1 \|\| =3.1.1+dfsg1-1 \|\| =3.1.1+dfsg1-2 \|\| =3.1.1+dfsg1-3 \|\| =3.1.2+dfsg1-1 \|\| =3.1.2+vendor1-1 \|\| =3.1.2+vendor1-2	-
debian 13	389-ds-base	>=0 <2.4.5+dfsg1-1	2.4.5+dfsg1-1
rpm rhel9	389-ds-base	<0:2.4.5-9.el9_4	0:2.4.5-9.el9_4

Aliases

1. CVE-2024-62372. NVD-2024-62373. OSV-DEBIAN-2024-62374. OSV-2024-62375. SECURITY-TRACKER-CVE-2024-6237

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.